DLP Discover Incident Details Cube

Contains information about incidents discovered by a Discover Data Loss Prevention scan, as well as the conditions that triggered those incidents. Information specific to this cube includes the total number of incidents, the number of violations, the name of the policy that generated the incident, the conditions within those policies, the incident severity and status, and all custom attributes with their corresponding attribute values given during the remediation process.

Dimensions

  • Condition – Detection or Group: Indicates which of the two rule types (detection or group) the condition belongs to
  • Condition – ID: Condition ID
  • Condition – Is Latest: Indicates whether or not this is the latest version of the condition
  • Condition – Minimum Matches: Specifies the minimum number of matches required to trigger the condition and generate an incident
  • Condition – Processing Order: Denotes the order in which conditions are processed
  • Condition – Rule or Exception: Indicates whether the condition was added as a rule or as an exception
  • Condition – Status: Captures historical changes of the condition status
  • Condition – Type: Describes the type of matching used in the condition
  • Condition – Unique or Multiple Matches: Indicates the match counting type selected in the condition
  • Rule – Name: Name given to the detection or exception rule
  • Custom Attribute – Name: Lists all user-defined custom attributes
  • Custom Attribute – Value: Lists values assigned to the custom attributes
  • Data Owner – Name: Name of the person responsible for remediating the incident
  • Data Owner – Email: Email address of the person responsible for remediating the incident
  • Detection – Date: Incident detection date as reported by the detection server
  • Detection – Date Range: Incident detection date range as reported by the detection server
  • Detection – Day of Week: Incident detection day as reported by the detection server
  • Detection – Month: Incident detection month as reported by the detection server
  • Detection – Quarter: Incident detection quarter as reported by the detection server
  • Detection – Week Number: Incident detection week number as reported by the detection server
  • Detection – Year: Incident detection year as reported by the detection server
  • Detection – Hour: Incident detection hour as reported by the detection server
  • Detection – Minute: Incident detection minute as reported by the detection server
  • Detection – Second: Incident detection second as reported by the detection server
  • Detection – Time: Incident detection time as reported by the detection server
  • Discover Incident – ContentRoot: Lists Content Roots that were scanned by the discover server
  • Discover Incident – Document Name: Name of the file that triggered the incident
  • Discover Incident – File Owner: Creator of the file or item that triggered the incident
  • Discover Incident – Repository Location: Full path of the file that triggered the incident
  • Discover Incident – Scanned Machine: Host name of the scanned computer
  • Discover Incident – Target Type: Discover target type
  • Discover Incident – File Location: Full path of the file that triggered the incident
  • Discover Incident – ACL Type: ACL permission type. Note: Possible values are: File
  • Discover Incident – Grant or Deny: Indicates whether the ACL type assigned permission is grant or deny
  • Discover Incident – File Permission: Permission assignment corresponding to the Grant or Deny dimension
  • Discover Incident – File Permission Username: Username or group granted the given file permission
  • Discover Incident – Protect Status: Indicates the remediation action taken on the discovered file
  • Discover Scan – In Process Scan: Indicates whether or not the scan is in progress
  • Discover Scan – Initial Scan: Indicates whether or not this is the first scan performed on the discover target
  • Discover Scan – Instance ID: Discover scan instance ID
  • Discover Scan – Last Completed Scan: Indicates whether or not this is the last scan performed on the discover target
  • Discover Scan – Target Type: Denotes the type of data repository being scanned
  • Discover Server – Name: Discover server name
  • Discover Target – Name: Discover target name as shown in the Enforce console
  • Incident – ID: Incident ID
  • Message Component – Document Format: File format used in the message
  • Message Component – MIME Type: MIME type used in the message
  • Message Component – Name: Name used in the message
  • Incident – Severity: Incident severity
  • Incident – Status: Incident status as shown in the incident snapshot
  • Incident – Status Group: Incident status group as defined in the Enforce console
  • Message – Date: Date the message was received by the detection server or endpoint client
  • Message – Date Range: Date range the message was received by the detection server or endpoint client
  • Message – Day of Week: Day the message was received by the detection server or endpoint client
  • Message – Month: Month the message was received by the detection server or endpoint client
  • Message – Quarter: Quarter the message was received by the detection server or endpoint client
  • Message – Week Number: Week number the message was received by the detection server or endpoint client
  • Message – Year: Year the message was received by the detection server or endpoint client
  • Message – Hour: Hour the message was received by the detection server or endpoint client
  • Message – Minute: Minute the message was received by the detection server or endpoint client
  • Message – Second: Second the message was received by the detection server or endpoint client
  • Message – Time: Time the message was received by the detection server or endpoint client
  • Oracle Database – Host Name: Denotes the Oracle database name and instance name from which the data is obtained
  • Policy – Description: Policy description as displayed in the Enforce console
  • Policy – ID: Policy ID
  • Policy – Is Deleted: Indicates whether or not the policy has been deleted
  • Policy – Is Latest Version: Indicates whether or not the policy version is the latest
  • Policy – Name: Policy name
  • Policy – Status: Indicates whether the policy is active or inactive
  • Policy – Version: Policy version number
  • Policy – Group Name: Policy Group names as defined in the Enforce console

Measures

  • Match Count: Total number of Discover matches.
  • Incidents Count: Total number of Discover incidents.